Did you know that cyber insurance companies are currently facing massive losses? This might sound unbelievable, but it’s true. In 2020, the average ransom payment was $300,000. However, by 2023, this amount had increased to $1,500,000 – a 500% hike in just three years! This has forced significant new cyber insurance requirements.
Why such a significant increase?
The frequency of ransomware attacks has increased exponentially. In 2022, a staggering 77% of all organizations were targeted by cyber criminals.
The cost of incident response and replacing IT inventory has increased, which is not surprising given the current trend of rising prices across the board.
Many organizations have poor cybersecurity practices and inadequate incident response plans. It is common to hear statements such as “I don’t need cyber security because I have insurance” or “We are okay because small organizations are not targeted.” However, these beliefs are often misguided and put organizations at risk.
Did you know that some cyber insurance plans provide coverage for business interruption? It’s worth considering the cost of computer downtime. Imagine the cost if your computers were down for a day, a week, two weeks, or even a month. Shockingly, the average downtime after a ransomware attack is 24 days.
According to a recent study, small and medium-sized enterprises impacted by cyber claims faced an average of $343,000 in business interruption expenses as they worked to recover.
If you were an insurance company, what would you do?
A number of insurance companies are withdrawing from the cyber insurance market due to unpredictability. Moreover, some insurers are rejecting more claims and declining to renew policies for sectors that pose higher risks. Most reputable insurers have significantly tightened their underwriting standards to minimize their risks, and as a result, premiums have surged. In particular, average premiums for standalone cyber coverage have increased by over 70% annually since 2020.
So, what can you do?
Step 1: Make sure you are covered.
First, you may not have coverage, and if you do, it might not be worth the paper it’s printed on if you aren’t doing your part.
Cyber insurance is not part of a standard liability policy. You probably are not covered if you haven’t specifically purchased cyber insurance.
If you have cyber insurance, knowing what is covered and what isn’t under your policy is crucial. Moreover, you must ensure that you comply with the terms and conditions of your insurance company to be eligible for reimbursement in case of a successful cyber attack. The minimum standards for coverage have significantly increased, and the policies are now legally and technically complex. Thus, it’s essential to have a professional who understands both aspects review your policy and cybersecurity plan.
Step 2: Prepare to get or renew your policy.
Insurance companies are not fond of paying ransoms, which has made obtaining and renewing policies much more complex. A few years ago, the network assessment required for cyber insurance was a short one-page self-assessment questionnaire. Today, these questionnaires have grown and can be dozens of pages long.
Here are five primary areas that need to be reviewed:
- Do you have MFA for email and sensitive information?
- Do you have backups, and are you sure they are working?
- Do you have up-to-date, active antivirus installed on all computers?
- Do you have a written documented breach response plan?
- Do you have up-to-date, active firewall technology?
If you answer no to any of these questions, your policy will not be renewed or granted. Once your renewal is denied, it becomes much harder to obtain insurance.
Remember, if you answer yes and the answer is actually no, your policy will be terminated, making it next to impossible to get cyber insurance in the future.
Step 3: Avoid becoming a victim.
This might sound obvious, but just like your car insurance increases after an accident, the same is true after a successful cyber attack. So, do everything in your power to prevent that!
The good news is that 93% of security breaches are preventable, so you can prevent most attacks! One way is to ensure someone inspects your network at least every 90 days. Another good way is to provide your team with regular cybersecurity training.
How do we prepare for New Cyber Insurance Requirements?
Commonwealth Sentinel offers a comprehensive suite of cybersecurity services to safeguard your organization from digital threats. In addition, we can guide you through the process of obtaining cyber insurance coverage and provide expert advice on how to keep your organization secure. To schedule a free consultation, contact us at (502) 320-9885.